On-Chain Insurance and Risk Transfer Layer: The Next Phase of DeFi's Key Puzzle

Introduction

Source: de.fi

Over the past year, total losses in DeFi reached $2.02 billion, of which only about 5% was recovered. That is roughly 1.1 times the total value locked (TVL) in Curve Finance, a sign that security incidents keep eroding the industry's capital base.

Since March this year, several notable security incidents have occurred in DeFi:

  • Solv Protocol lost $2.73 million to a re-entrancy bug in its mint() function.

  • Venus Protocol on BSC had a supply-cap check bypassed, leaving $2.18 million in bad debt.

  • Resolv Labs was compromised through a leaked private key, which let the attacker mint roughly $80 million of unbacked USR; about $25 million was ultimately lost.

  • Drift Protocol suffered the largest attack so far this year, with losses above $280 million. The attackers staged their attack path weeks in advance, obtained 2-of-5 multisig approval through social engineering, took over admin rights and moved more than half of the protocol's funds within a short window.

  • KelpDAO saw contagion and a liquidity squeeze triggered by security problems in its underlying assets, adding to the pressure on the wider LRT (liquid restaking token) market.

These events reveal a harsh reality: no matter how advanced the underlying technology, user funds are always exposed to tail risks that cannot be fully eliminated.

In fact, DeFi has established a solid foundation in other layers over the past few years:

  • Infrastructure Layer: Ethereum completed The Merge; Layer 1 and Layer 2 networks such as Solana and Base keep providing low-cost, high-throughput execution; the stability and reliability of on-chain settlement are gradually approaching those of traditional financial infrastructure.

  • Lending / Yield Layer: Protocols such as Aave, Morpho, Kamino have formed relatively mature on-chain lending markets; Pendle further enables yield splitting, making yield products increasingly diverse.

  • Strategy / Asset Management Layer: professional risk management teams such as Gauntlet, Steakhouse Financial and MEV Capital are starting to act as on-chain fund managers, actively managing risk and return.

Despite all this, one link in the DeFi stack is still largely missing: risk transfer.

Comparing to traditional finance: the absence of insurance

Traditional financial systems can support hundreds of trillions of dollars in assets, relying not only on regulation but also on a complete risk transfer mechanism: bank deposits are protected by FDIC, securities accounts are backed by SIPC, and institutional trades are hedged with credit derivatives.

The insurance industry acts as a “shock absorber” for the financial system, with global insurance premiums accounting for about 6–7% of global GDP. When including the asset management scale held by insurance companies, their influence on capital markets far exceeds this percentage. (1)

In contrast, premiums on on-chain insurance products amount to less than 1% of DeFi TVL; the gap itself signals a market opportunity of significant scale.

Why is DeFi insurance so difficult?

Risk is hard to quantify; traditional insurance pricing frameworks are not directly applicable

The risks faced by DeFi are highly complex and heterogeneous, including smart contract vulnerabilities, stablecoin de-pegging, oracle failures, etc., often co-occurring and overlapping. Unlike traditional insurance, DeFi lacks sufficiently long and verifiable historical claims data, making traditional actuarial models based on long-term loss distributions and incident frequencies ineffective.

Meanwhile, the boundaries of DeFi risk are far blurrier than in traditional insurance. Insured objects such as houses, vehicles or personal health have clear, independent risk boundaries; DeFi protocols are highly composable, so the failure of a single underlying component can propagate along liquidity, collateral, yield-strategy and liquidation paths and set off chain reactions across protocols. That makes the scope of coverage, the attribution of responsibility and the definition of loss all harder to pin down.

Capital efficiency is low, making it hard to compete with native DeFi yields

Insurance inherently requires locking in large amounts of reserves upfront to cover potential claims; however, in DeFi, users and liquidity providers tend to prefer deploying funds into strategies that generate higher, more continuous yields, such as lending, market making, arbitrage, or yield aggregators.

Source: Nexus Mutual

By comparison, most on-chain insurance pools currently pay returns below mainstream DeFi yields, so they struggle to compete for capital with more attractive uses. Under this opportunity-cost constraint, pools cannot attract enough underwriting capital, which in turn limits the supply and scale of insurance products.

Market Segments Analysis

Despite these gaps, initial on-chain risk/insurance ecosystems are emerging:

At one end are mutual pools such as Nexus Mutual that actually carry the risk; at the other are platforms such as Catalysis and OpenCover that embed protection into deposit and product flows, supported by risk assessment from Credora and LlamaRisk, verification from Accountable, and real-time risk detection from Hypernative, BlockSec and others.

Let’s define four functional layers.

  • Coverage / Underwriting: the layer that ultimately absorbs losses, collects premiums and adjudicates claims; increasingly it embeds protection natively into vaults or product flows so that cover is no longer an external add-on.

  • Risk Rating: Converts risks into comparable scores, capital recommendations, and parameters.

  • Verification: Confirms that assets, liabilities, and reserves are real and verifiable on-chain.

  • Detection: Provides alerts, transaction screening, simulations, or automatic blocks before losses occur.

These four layers form the analytical framework of this article.

Coverage / Underwriting Layer

Catalysis’s core design is to embed risk protection directly into DeFi vaults, making protection part of asset allocation rather than an external insurance product users must purchase separately. In other words, when users deposit into a vault, they automatically obtain corresponding risk protection, without needing to seek out insurance protocols.

Mechanistically, Catalysis connects three types of participants into a complete on-chain underwriting process:

Source: Catalysis

First, restakers deposit assets such as ETH, BTC or stablecoins into restaking protocols like EigenLayer or Symbiotic, forming a slashable pool of economic security that constitutes the system's initial underwriting capacity. Second, that capital is allocated to CoverPools, each corresponding to a specific risk type, such as a particular lending vault or yield strategy. Finally, vault users pay coverage fees as the price of protection, and those fees flow to the restakers providing the underwriting capital. (2)

How is risk priced?

In Catalysis, risk pricing is not decided case by case by a committee; it is executed automatically from a parameter model preset by the protocol team. The logic is simple: higher risk requires more slashable underwriting capital behind it, and the coverage fee is correspondingly higher.

Specifically, each CoverPool sets underwriting capacity, slashing ratios, and fee parameters for different vault risk types, determining how much restaked capital needs to be locked as coverage and how much coverage fee users must pay. These fees can be understood as the “cost of renting” the underwriting capital.

Since the underwriting capital comes from restakers, the fee rates are also influenced by capital supply: when available coverage is ample, costs are lower; when capital is scarce, fees rise. This makes risk pricing dependent both on protocol parameters and market supply-demand dynamics.

OpenCover also belongs to the “embedded protection infrastructure,” but it is not the ultimate underwriter; rather, it acts as a distribution and structuring platform for on-chain protection products, packaging underlying underwriting capacity into modules that can be directly integrated into DeFi product pathways. (3)

Source: Opencover

In terms of underwriting structure, OpenCover itself does not provide underwriting capital.

The actual underwriting behind Covered Vaults is provided by Nexus Mutual: as users deposit into the vault, Nexus Mutual's staking pool locks the corresponding amount of NXM against the live cover amount, serving as verifiable on-chain underwriting capital, so protection capacity expands in step with the vault's risk exposure. (4)

In risk pricing, the coverage fee rate for Covered Vaults is not fixed but follows Nexus Mutual’s dynamic pricing mechanism.

Simply put, the underwriter sets a minimum acceptable rate, and the price moves around that floor with supply and demand: when demand for cover on a vault rises quickly and capacity is heavily utilized, the price rises automatically; when capacity is ample and demand is low, the price drifts back down. Overall this is a dynamic on-chain pricing mechanism driven by risk and capital utilization. (4)
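The two pricing descriptions above (Catalysis's parameter model where scarce capital raises fees, and Nexus Mutual's floor-plus-demand mechanism behind OpenCover's Covered Vaults) share one shape: a manager-set floor rate, a bump on every purchase proportional to the capacity it consumes, decay of that bump over time, and surge pricing as the pool fills. The model below is an added example written for this article, not code from Catalysis, OpenCover or Nexus Mutual; every constant (bump size, decay, surge threshold and multiplier) is an assumption chosen to make the behaviour visible.

```python
"""Illustrative dynamic cover-pricing model.  Added example, not code from
Catalysis or Nexus Mutual: it reproduces the shape described in the text
(manager-set floor rate, demand bump per purchase, decay over time, surge
near full utilisation).  All constants are assumptions for the example."""
from dataclasses import dataclass

BUMP_PER_PCT_OF_CAPACITY = 0.002  # assumed: +0.2% annual rate per 1% of capacity bought
DECAY_PER_DAY = 0.005             # assumed: demand bump shrinks by 0.5% (absolute) per day
SURGE_START = 0.90                # assumed: surge pricing above 90% utilisation
SURGE_MAX_MULTIPLIER = 2.0        # assumed: rate doubles at 100% utilisation


@dataclass
class CoverPool:
    capacity: float            # underwriting capital the pool can put at risk
    floor_rate: float          # manager-set minimum annual rate, 0.02 == 2%/yr
    active_cover: float = 0.0  # cover currently sold
    bump: float = 0.0          # demand-driven premium above the floor
    last_day: int = 0

    def _decay(self, day: int) -> None:
        elapsed = max(0, day - self.last_day)
        self.bump = max(0.0, self.bump - DECAY_PER_DAY * elapsed)
        self.last_day = max(self.last_day, day)

    def utilisation(self) -> float:
        return self.active_cover / self.capacity

    def quote_rate(self, amount: float, day: int):
        """Annual rate for `amount` of cover bought on `day`; None if the pool
        cannot absorb the request."""
        self._decay(day)
        if self.active_cover + amount > self.capacity:
            return None
        rate = self.floor_rate + self.bump
        util_after = (self.active_cover + amount) / self.capacity
        if util_after > SURGE_START:
            # linear ramp from 1x at SURGE_START to SURGE_MAX_MULTIPLIER at 100%
            frac = (util_after - SURGE_START) / (1.0 - SURGE_START)
            rate *= 1.0 + (SURGE_MAX_MULTIPLIER - 1.0) * frac
        return rate

    def buy_cover(self, amount: float, days_covered: int, day: int):
        """Execute a purchase: returns (rate, premium) and updates pool state."""
        rate = self.quote_rate(amount, day)
        if rate is None:
            raise ValueError("insufficient capacity")
        premium = amount * rate * days_covered / 365
        self.active_cover += amount
        # each purchase pushes the next quote up in proportion to capacity consumed
        self.bump += BUMP_PER_PCT_OF_CAPACITY * (100.0 * amount / self.capacity)
        return rate, premium

    def expire_cover(self, amount: float) -> None:
        """Cover that has run off frees capacity again."""
        self.active_cover = max(0.0, self.active_cover - amount)


if __name__ == "__main__":
    pool = CoverPool(capacity=1_000_000, floor_rate=0.02)
    print(pool.buy_cover(100_000, 365, day=0))   # floor rate, premium 2,000
    print(pool.quote_rate(100_000, day=0))       # bumped to 4%
    print(pool.quote_rate(100_000, day=4))       # decayed back to the 2% floor
```

The point the model makes is that the rate is a function of two things the text names separately: protocol parameters (the floor and the bump/decay constants) and live supply and demand (utilisation and recent purchases). A pool at 90% utilisation quotes the floor; the same pool at 95% quotes 1.5x the floor, and a request that would exceed capacity is refused rather than mispriced.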

Risk Assessment Layer

Several market entities now focus on DeFi risk assessment, approaching from credit scoring, verifiable data infrastructure, and dynamic parameter simulation, forming the foundation for on-chain insurance pricing and risk management.

Credora, now part of RedStone, is currently the closest thing DeFi has to a traditional credit rating agency (S&P, Moody's). It provides systematic risk ratings for tokens, lending markets and vault portfolios, giving protocols a quantifiable basis for capital allocation.

Three-layer rating architecture

1) Token Ratings

Estimates loss probabilities (PSL) for assets such as LSTs and stablecoins, anchoring each asset to a benchmark and applying risk adjustment factors to produce a baseline risk score.

2) Lending Market Ratings

Differentiates market structures:

  • Isolated collateral markets (e.g., Morpho): each market is exposed to a single collateral type, so the question is whether trouble in that collateral would produce significant losses in that market. Credora answers it with Monte Carlo simulation: the market is replayed under many randomly drawn scenarios to estimate a probability distribution of outcomes.

  • Pooled, cross-collateralized markets (e.g., Aave, Spark): harder, because the same assets can be borrowed, redeposited and re-collateralized in loops, so layered use amplifies exposure. The key question is whether a problem in one underlying asset could trigger a chain reaction that magnifies risk across the whole market. (5)

3) Strategy Portfolio Ratings

Views vaults as cross-market asset portfolios, incorporating not only underlying allocations but also manager capabilities and governance quality.

Rating methodology

Source: Credora

Uses an A+ to D letter scale calibrated on historical default-rate data from the three major rating agencies for 1990–2023, and fits an exponential function to the probability-of-default (PD) curve so that DeFi risk distributions line up with traditional credit ratings.
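To make the two steps above concrete (a Monte Carlo loss estimate for an isolated market, then an exponential mapping from loss probability to a letter grade), here is an added example written for this article. It is not Credora's model: the price process, the liquidation mechanics, the market parameters and the grade thresholds are all assumptions chosen for illustration. The simulation also shows the failure mode that makes such markets lose money, a liquidation that executes a step after it is triggered, by which time the collateral may no longer cover the debt.

```python
"""Monte Carlo loss estimate for an isolated lending market, followed by a
mapping from estimated loss probability to a letter grade.  Added example,
not Credora's model: the price process, market parameters and the rating
thresholds are assumptions chosen for illustration."""
import math
import random

GRADES = ["A+", "A", "A-", "B+", "B", "B-", "C+", "C"]
BASE_PD, NOTCH_GROWTH = 0.001, 2.5   # assumed: A+ at <= 0.1%, each notch 2.5x looser


def settle_liquidation(debt: float, collateral_value: float, liq_bonus: float) -> float:
    """Bad debt left after a liquidator repays as much debt as the collateral
    can pay for at a (1 + liq_bonus) discount.  Zero when fully covered."""
    repayable = min(debt, collateral_value / (1.0 + liq_bonus))
    return debt - repayable


def simulate_isolated_market(lltv, liq_bonus, initial_ltv, daily_vol,
                             horizon_days, n_paths, liq_delay_days=1, seed=7):
    """Return (probability of bad debt, expected loss as a fraction of debt).

    One borrower holds one collateral unit (price 1.0) and debt = initial_ltv.
    Collateral price follows a lognormal random walk; when LTV exceeds lltv a
    liquidation is triggered but only executes liq_delay_days later, which
    stands in for oracle lag and thin liquidity.  Shocks are drawn up front so
    the same seed gives comparable paths across parameter sets."""
    rng = random.Random(seed)
    losses = []
    for _ in range(n_paths):
        shocks = [rng.gauss(0.0, daily_vol) for _ in range(horizon_days + liq_delay_days)]
        price, debt, loss = 1.0, initial_ltv, 0.0
        for day in range(horizon_days):
            price *= math.exp(shocks[day] - 0.5 * daily_vol ** 2)
            if debt / price > lltv:
                exec_price = price
                for later in range(day + 1, day + 1 + liq_delay_days):
                    exec_price *= math.exp(shocks[later] - 0.5 * daily_vol ** 2)
                loss = settle_liquidation(debt, exec_price, liq_bonus) / debt
                break
        losses.append(loss)
    p_loss = sum(1 for l in losses if l > 0) / n_paths
    return p_loss, sum(losses) / n_paths


def rating_from_pd(pd: float) -> str:
    """Exponentially spaced thresholds: the shape the text describes for
    aligning loss probabilities with letter grades (constants assumed)."""
    for notch, grade in enumerate(GRADES):
        if pd <= BASE_PD * NOTCH_GROWTH ** notch:
            return grade
    return "D"


def rate_market(**params):
    """Run the simulation and attach a grade to the estimated loss probability."""
    p_loss, expected_loss = simulate_isolated_market(**params)
    return p_loss, expected_loss, rating_from_pd(p_loss)


if __name__ == "__main__":
    for lltv in (0.70, 0.86, 0.95):
        print(lltv, rate_market(lltv=lltv, liq_bonus=0.05, initial_ltv=lltv - 0.10,
                                daily_vol=0.05, horizon_days=30, n_paths=2000))
```

Running the sweep shows why the liquidation LTV and the bonus matter more than the headline volatility: at a 70% LLTV a one-day delay almost never produces bad debt, while at 95% roughly half of all liquidations do, because the bonus plus the delay leaves no margin. Parameter sweeps of exactly this kind are what the "parameter optimization" work described later in the article is built on.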

Unlike Credora, LlamaRisk does not produce scores but builds a verifiable, on-chain risk data framework to address one of DeFi’s most critical issues: data trustworthiness.

Two core components

SAVE Framework (Structured Attestation & Verification Engine)

An open-source TypeScript toolkit that converts structured financial data into verifiable on-chain records, including:

  • Claims: structured factual statements

  • Proofs: cryptographic proofs

  • Attestations: signed records published on-chain, with the underlying evidence stored on IPFS

Applicable not only for reserve proofs but also for collateral quality and strategy transparency verification.
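The claim / proof / attestation pattern described above can be shown end to end with a Merkle commitment: every structured claim is canonicalised and hashed, the hashes are rolled up into one root, each claim gets an inclusion proof, and a consumer verifies a single claim against the published root without needing the whole dataset. The code below is an added example for this article and is not LlamaRisk's SAVE toolkit (which is TypeScript); the claim schema and figures are constructed, and the signing of the attestation record and its posting on-chain and to IPFS are the steps that would follow.

```python
"""Structured claims committed to a Merkle root, with per-claim inclusion
proofs and a verifier.  Added example of the claim / proof / attestation
pattern the text describes; not LlamaRisk's SAVE code.  The claim schema and
sample figures are constructed.  Signing the record and publishing it are
the steps that follow and are not modelled here."""
import hashlib
import json


def canonical(claim: dict) -> bytes:
    """Deterministic serialisation so every party hashes identical bytes."""
    return json.dumps(claim, sort_keys=True, separators=(",", ":")).encode()


def leaf_hash(claim: dict) -> bytes:
    return hashlib.sha256(b"\x00" + canonical(claim)).digest()   # domain-separated leaf


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()       # domain-separated node


def merkle_root_and_proofs(leaves):
    """Return (root, proofs); proofs[i] is the list of (side, sibling_hex)
    needed to recompute the root from leaf i.  Odd levels duplicate the
    last node."""
    n = len(leaves)
    proofs = [[] for _ in range(n)]
    positions = list(range(n))        # index of each leaf's ancestor in `level`
    level = list(leaves)
    while len(level) > 1:
        if len(level) % 2 == 1:
            level.append(level[-1])
        for i in range(n):
            pos = positions[i]
            sibling = pos ^ 1
            side = "right" if pos % 2 == 0 else "left"   # where the sibling sits
            proofs[i].append((side, level[sibling].hex()))
            positions[i] = pos // 2
        level = [node_hash(level[j], level[j + 1]) for j in range(0, len(level), 2)]
    return level[0], proofs


def verify_inclusion(claim: dict, proof, root: bytes) -> bool:
    """Recompute the path from the claim to the root; any change to the claim
    or a proof taken from a different claim fails."""
    h = leaf_hash(claim)
    for side, sibling_hex in proof:
        sibling = bytes.fromhex(sibling_hex)
        h = node_hash(h, sibling) if side == "right" else node_hash(sibling, h)
    return h == root


def build_attestation(claims, attester: str, period: str):
    """Attestation record: the root commits to every claim.  This record is
    what an attester would sign and post on-chain, with the claims on IPFS."""
    root, proofs = merkle_root_and_proofs([leaf_hash(c) for c in claims])
    record = {"attester": attester, "period": period,
              "claim_count": len(claims), "merkle_root": root.hex()}
    return record, proofs


# Constructed sample claims (not real reserve data)
SAMPLE_CLAIMS = [
    {"type": "reserve_balance", "asset": "USDC", "custodian": "custodian-a", "amount": "12500000.00"},
    {"type": "reserve_balance", "asset": "T-BILL", "custodian": "custodian-b", "amount": "40000000.00"},
    {"type": "liability_total", "asset": "STABLE", "amount": "51000000.00"},
]

if __name__ == "__main__":
    record, proofs = build_attestation(SAMPLE_CLAIMS, "risk-provider-x", "2025-Q1")
    root = bytes.fromhex(record["merkle_root"])
    print(record)
    print(all(verify_inclusion(c, p, root) for c, p in zip(SAMPLE_CLAIMS, proofs)))
```

Two details matter in practice and are easy to get wrong: the serialisation must be canonical (sorted keys, fixed separators, amounts as strings) or two honest parties will compute different roots, and leaves and internal nodes must be domain-separated (the `\x00` / `\x01` prefixes) so that an internal node cannot be passed off as a leaf.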

LlamaGuard Suite

Built on SAVE, a set of RWA risk management tools:

  • LlamaGuard Proof: automated financial data attestation

  • LlamaGuard NAV: Chainlink-based bounded NAV oracle

  • LlamaGuard Actions: conditional risk response mechanisms (6)

Many protocols like Aave, Curve, Midas, Ethena are also using these tools to assess risks such as liquidity status, capital utilization, oracle price deviations, etc. These insights help teams set reserve sizes, debt limits, and other key risk parameters more confidently.

Meanwhile, Chaos Labs is one of the most comprehensive DeFi risk analysis platforms, focusing on real-time simulation, market stress testing, and risk parameter optimization.

Three core capabilities

First, dynamic risk monitoring: tracking key metrics across multiple chains in real-time, including total supply and borrowings, utilization rates, liquidation events, collateral concentration, and whale exposure; currently covering over $63.7 billion in assets across major blockchains.

Second, risk exposure simulation: stress testing under extreme market scenarios, such as sharp collateral price drops, liquidity crunches, or concentrated sell-offs, to evaluate protocol solvency and potential bad debt.

Third, parameter optimization: adjusting key risk parameters like LTV, liquidation thresholds, and interest rates based on simulation results, helping protocols balance capital efficiency and risk control. (7)

Verification Layer

The verification layer addresses a more fundamental issue: whether on-chain data is truly trustworthy.

Without reliable mechanisms to verify assets, liabilities, and reserves, even the most sophisticated risk models may be built on false premises. Currently, representative verification infrastructures include Chainlink Proof of Reserve and Accountable.

Chainlink PoR is one of the most mature on-chain reserve verification networks, mainly used to verify whether stablecoins, cross-chain assets, and RWAs are fully collateralized. Its core goal is to reduce trust in off-chain asset authenticity.

Source: Chainlink

The process generally runs as follows: an auditor or data provider continuously collects reserve data, which Chainlink's decentralized oracle network verifies and agrees on by consensus. When reserves move by more than a preset deviation threshold, or when a fixed heartbeat interval elapses, the value is written on-chain for protocols to read. (8)

The key value of PoR is not just displaying data but enabling further integration into protocol logic:

  • Secure Mint: only allow new minting when reserves are sufficient, preventing uncollateralized issuance

  • Circuit Breaker: automatically trigger pause on lending or related operations during abnormal collateralization
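The update rule and the two integrations above fit in a small model: a feed that writes a new round on deviation or heartbeat, a token whose mint() refuses to exceed the last attested reserves, and a keeper-called circuit breaker that pauses when attested collateralisation drops below the floor. This is an added example for this article, written in Python as a model of on-chain logic; it is not Chainlink's Solidity interfaces, and the thresholds, the fail-closed handling of a stale feed and the pause rule are assumptions.

```python
"""Model of the two PoR integrations the text lists.  A feed writes a new
round on deviation or heartbeat; a reserve-backed token refuses to mint past
attested reserves (Secure Mint) and a keeper-called circuit breaker pauses
it when attested collateralisation falls below a floor or the feed goes
stale.  Added example in Python, not Chainlink's Solidity interfaces; the
thresholds and fail-closed rules are assumptions."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Round:
    round_id: int
    reserves: float      # attested reserves, same unit as token supply
    updated_at: int      # unix time the round was written on-chain


class ProofOfReserveFeed:
    def __init__(self, deviation_bps: float, heartbeat_s: int):
        self.deviation_bps = deviation_bps
        self.heartbeat_s = heartbeat_s
        self.latest: Optional[Round] = None

    def observe(self, reserves: float, now: int) -> Optional[Round]:
        """Oracle network reports an attested figure.  A round is written only
        when the deviation or heartbeat trigger fires; returns it, else None."""
        if self.latest is not None:
            prev = self.latest
            moved_bps = (abs(reserves - prev.reserves) * 10_000 / prev.reserves
                         if prev.reserves > 0 else float("inf"))
            if moved_bps < self.deviation_bps and now - prev.updated_at < self.heartbeat_s:
                return None
        next_id = 1 if self.latest is None else self.latest.round_id + 1
        self.latest = Round(next_id, reserves, now)
        return self.latest


class ReserveBackedToken:
    def __init__(self, feed: ProofOfReserveFeed, max_staleness_s: int, min_ratio: float = 1.0):
        self.feed = feed
        self.max_staleness_s = max_staleness_s
        self.min_ratio = min_ratio           # required reserves / supply
        self.total_supply = 0.0
        self.paused = False

    def _fresh_reserves(self, now: int) -> Optional[float]:
        r = self.feed.latest
        if r is None or now - r.updated_at > self.max_staleness_s:
            return None                      # treat a stale feed as no data
        return r.reserves

    def mint(self, amount: float, now: int):
        """Secure Mint: succeed only if fresh attested reserves cover the
        post-mint supply at min_ratio.  Returns (ok, reason)."""
        if self.paused:
            return False, "paused"
        reserves = self._fresh_reserves(now)
        if reserves is None:
            return False, "stale_or_missing_por"     # fail closed
        if reserves < (self.total_supply + amount) * self.min_ratio:
            return False, "insufficient_reserves"
        self.total_supply += amount
        return True, "minted"

    def circuit_breaker(self, now: int) -> bool:
        """Keeper-called: pause when attested reserves no longer cover the
        existing supply or the feed is stale.  Returns the paused flag."""
        reserves = self._fresh_reserves(now)
        if reserves is None or reserves < self.total_supply * self.min_ratio:
            self.paused = True
        return self.paused


if __name__ == "__main__":
    feed = ProofOfReserveFeed(deviation_bps=50, heartbeat_s=3_600)
    feed.observe(1_000_000, now=0)
    token = ReserveBackedToken(feed, max_staleness_s=7_200)
    print(token.mint(900_000, now=10))      # (True, 'minted')
    print(token.mint(200_000, now=10))      # (False, 'insufficient_reserves')
    feed.observe(800_000, now=20)
    print(token.circuit_breaker(now=21))    # True
```

The check a reviewer should look for in any real integration is the staleness branch: a consumer that reads the last round without comparing its timestamp against the heartbeat will keep minting against reserves that may have been withdrawn hours ago. Failing closed on a stale feed is the conservative choice and is what the model does.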

Accountable Capital fills a core blind spot of traditional PoR: it not only verifies assets but also liabilities.

Source: Accountable

Looking at assets alone does not prove an institution’s health, as it may carry larger hidden debts. Accountable’s core approach is to use zero-knowledge proofs (ZKPs) to verify both assets and liabilities without revealing sensitive information, providing a more complete solvency proof.

Operation method

Its core architecture, the Data Verification Network (DVN), continuously aggregates multiple data sources, including on-chain addresses, custody accounts, bank accounts, internal accounting systems and open contract positions. The data is encrypted locally and the network produces zero-knowledge proofs that show whether the institution has sufficient net worth, without exposing individual addresses, API keys or trading strategies. (9)

Compared to only verifying reserves, Accountable further assesses overall financial health, making it especially suitable for institutions or stablecoin architectures that need ongoing disclosure of leverage, hedging positions, and liabilities.

Risk Detection Layer

The risk detection layer addresses another key question: can attacks be detected and stopped before causing losses?

Audits are static pre-deployment checks, while detection is an “immune system” that operates in real-time after deployment. One of the most representative infrastructures is Hypernative.

Source: Hypernative

Hypernative’s core capability is to monitor anomalies across multiple dimensions using machine learning, transaction simulation, graph analysis, and mempool monitoring. In other words, it doesn’t just look for code vulnerabilities but also detects ongoing attack preparations, such as suspicious transaction paths, oracle deviations, governance anomalies, front-end phishing, or cross-protocol linked behaviors. (10)

This detection capability is valuable because it can directly trigger automated risk controls: when risk levels reach a threshold, protocols can pause markets, freeze functions, adjust LTV or borrow caps, isolate suspicious assets, or even intercept transactions before they are confirmed in blocks.

Compared to traditional audits that only provide static pre-deployment reports, these detection systems offer continuous operational protection: audits answer “what could go wrong,” while detection answers “what is happening right now.”
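The detection layer described above is easiest to understand as a set of scoring rules run over the live transaction stream, with the score mapped to an automated response. The following is an added example for this article, not Hypernative's detection logic: the event schema, the rules, the thresholds, the response ladder and the sample events are all constructed. It runs over a small stream in which an oracle jump, an upgrade pushed outside the timelock and a fresh address draining the market each trigger a different tier of response.

```python
"""Rule-based anomaly scoring over a transaction stream with a graded
automated response (alert, tighten caps, pause).  Added example; it is not
Hypernative's detection logic.  The event schema, thresholds, response
ladder and the sample events are all assumptions constructed for the
example."""

WINDOW_BLOCKS = 10        # assumed: trailing window for outflow bursts
RULES = []


def rule(fn):
    RULES.append(fn)
    return fn


@rule
def large_withdrawal(ev, state):
    if ev["kind"] == "withdraw" and ev["amount"] >= 0.10 * ev["tvl"]:
        return 40, "single withdrawal >= 10% of TVL"


@rule
def oracle_deviation(ev, state):
    if ev["kind"] == "oracle" and abs(ev["price"] - ev["twap"]) / ev["twap"] > 0.15:
        return 50, "oracle price > 15% from TWAP"


@rule
def privileged_call_outside_timelock(ev, state):
    if ev["kind"] == "admin" and not ev["via_timelock"]:
        return 80, f"{ev['function']} called without timelock"


@rule
def fresh_actor_large_value(ev, state):
    if ev.get("amount", 0) >= 0.01 * ev["tvl"] and ev["actor_age_blocks"] < 100:
        return 30, "large value moved by address < 100 blocks old"


@rule
def outflow_burst(ev, state):
    if ev["kind"] == "withdraw":
        state["outflow"].append((ev["block"], ev["amount"]))
        recent = sum(a for b, a in state["outflow"] if ev["block"] - b < WINDOW_BLOCKS)
        if recent >= 0.25 * ev["tvl"]:
            return 50, f"{recent:,.0f} withdrawn within {WINDOW_BLOCKS} blocks"


def respond(score):
    """Response ladder: the higher tiers map to the automated controls the
    text lists (cap adjustments, market pause)."""
    if score >= 80:
        return "pause_market"
    if score >= 40:
        return "tighten_caps"
    return "alert" if score > 0 else "none"


def scan(events):
    """Score each event in order (rules may keep state across events) and
    return the findings with the action to take."""
    state = {"outflow": []}
    findings = []
    for ev in events:
        hits = [h for h in (r(ev, state) for r in RULES) if h]
        score = min(100, sum(s for s, _ in hits))
        findings.append({"tx": ev["tx"], "score": score,
                         "reasons": [m for _, m in hits], "action": respond(score)})
    return findings


# Constructed sample stream (not real chain data): a calm start, an oracle
# jump, an upgrade pushed without the timelock, then a fresh address draining
# the market in two large withdrawals.
SAMPLE_EVENTS = [
    {"block": 100, "tx": "0x01", "kind": "deposit", "actor": "0xaaa", "amount": 50_000, "tvl": 10_000_000, "actor_age_blocks": 5_000},
    {"block": 101, "tx": "0x02", "kind": "withdraw", "actor": "0xaaa", "amount": 20_000, "tvl": 10_000_000, "actor_age_blocks": 5_001},
    {"block": 101, "tx": "0x03", "kind": "oracle", "actor": "0xfeed", "price": 1.00, "twap": 1.00, "tvl": 10_000_000, "actor_age_blocks": 90_000},
    {"block": 102, "tx": "0x04", "kind": "oracle", "actor": "0xfeed", "price": 1.31, "twap": 1.00, "tvl": 10_000_000, "actor_age_blocks": 90_000},
    {"block": 102, "tx": "0x05", "kind": "admin", "actor": "0xbad", "function": "upgradeTo", "via_timelock": False, "tvl": 10_000_000, "actor_age_blocks": 3},
    {"block": 103, "tx": "0x06", "kind": "withdraw", "actor": "0xbad", "amount": 2_500_000, "tvl": 10_000_000, "actor_age_blocks": 3},
    {"block": 103, "tx": "0x07", "kind": "withdraw", "actor": "0xbad", "amount": 2_500_000, "tvl": 7_500_000, "actor_age_blocks": 3},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Run on pending transactions rather than mined ones, the same scoring is what lets a system act "before they are confirmed in blocks": the `pause_market` tier would submit the pause ahead of the draining withdrawal rather than after it. The stateful `outflow_burst` rule is the one that catches a drain split across many medium-sized transactions, which the per-transaction rules alone would miss.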

Outlook

For DeFi insurance markets to truly scale, several core issues must be addressed:

First, the yield on underwriting capital is generally low, making it unattractive compared to other on-chain yield opportunities. Whether through lending, market making, or yield aggregators, capital can usually find higher returns elsewhere.

This raises a fundamental supply-demand question: if the risk premium for insurance capital pools is insufficient, who will be willing to provide long-term capital to bear tail risks?

Second, the insurance layer must have a sufficiently large underwriting fund to cover losses from medium to large security incidents. Black swan events could cause losses in the hundreds of millions of dollars.

Of course, risk management responsibilities shouldn’t fall solely on insurance; protocols should also implement mechanisms like timelocks and withdrawal limits to prevent liquidity from being drained in a single event. Nonetheless, insurance pools need to be sizable enough to provide effective coverage.

More critically, compared to TradFi, DeFi experiences more frequent security incidents and more diverse attack vectors, which means the capital volume required for insurance coverage will be larger, and scaling will be more challenging.

Third, current DeFi protocols lack effective “stop-loss” structures at the system design level, making risk pricing difficult for insurance.

From an insurance perspective, a key question isn’t whether an attack will happen, but whether losses can be structurally limited when it does. Many protocols still allow administrators to perform large fund migrations, parameter changes, or upgrades within very short timeframes. If permissions are compromised, losses tend to be “instantaneous,” with LGD (Loss Given Default) approaching 100%.

In such a structure, insurance funds are effectively exposed to unlimited tail risk, which is nearly impossible to underwrite commercially.

In contrast, if protocols incorporate design features such as:

  • Rate limits on withdrawals

  • Single-transaction or daily caps

  • Whitelisted fund flows

  • Mandatory timelocks

these can significantly reduce the maximum loss per attack, transforming risk from “catastrophic” to “measurable,” enabling insurance to establish reasonable pricing.
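The four design features listed above turn an unbounded loss into a bounded one, and the bound can be computed. The model below is an added example for this article, a Python sketch of logic that would live in a protocol's contracts rather than any named project's code: a per-transaction and rolling-window withdrawal limiter, a timelock that privileged changes (including raising those limits) must pass through, and a function that gives the worst-case amount an attacker holding the admin keys can extract before defenders react. All caps, delays and reaction times are assumptions.

```python
"""Structural stop-loss primitives: a per-transaction and rolling-window
withdrawal limiter, a timelock on privileged changes, and a bound on the
worst-case loss an attacker holding the admin keys can extract before
defenders react.  Added example (a Python model of logic that would live in
the protocol's contracts); all limits and timings are assumptions."""
from collections import deque

DAY = 86_400


class WithdrawalLimiter:
    def __init__(self, per_tx_cap: float, window_cap: float, window_s: int = DAY):
        self.per_tx_cap = per_tx_cap
        self.window_cap = window_cap
        self.window_s = window_s
        self.history = deque()          # (timestamp, amount) of allowed withdrawals

    def spent(self, now: int) -> float:
        while self.history and now - self.history[0][0] >= self.window_s:
            self.history.popleft()       # drop entries that fell out of the window
        return sum(a for _, a in self.history)

    def allow(self, amount: float, now: int):
        """Returns (ok, reason).  Records the withdrawal only when allowed."""
        if amount > self.per_tx_cap:
            return False, "per_tx_cap"
        if self.spent(now) + amount > self.window_cap:
            return False, "window_cap"
        self.history.append((now, amount))
        return True, "ok"


class Timelock:
    """Privileged changes (raising caps, upgrades, fund migrations) must be
    queued and wait delay_s before execution, giving watchers time to react."""
    def __init__(self, delay_s: int):
        self.delay_s = delay_s
        self.queue = {}

    def schedule(self, change_id: str, payload: dict, now: int) -> int:
        eta = now + self.delay_s
        self.queue[change_id] = (payload, eta)
        return eta

    def execute(self, change_id: str, now: int):
        payload, eta = self.queue[change_id]
        if now < eta:
            return False, f"not executable for another {eta - now}s"
        del self.queue[change_id]
        return True, payload

    def cancel(self, change_id: str) -> None:
        self.queue.pop(change_id, None)


def worst_case_loss(tvl, window_cap, window_s, reaction_time_s, timelock_s):
    """Upper bound on funds an attacker with full admin control can move before
    defenders respond.  Raising the caps needs the timelock, so until it
    expires the attacker is bound by the rolling window: one full window at
    t=0 and another each time the window rolls.  If the timelock is not longer
    than the reaction time the caps can be lifted first and the bound collapses
    to the whole TVL (LGD ~ 100%)."""
    if timelock_s <= reaction_time_s:
        return tvl
    full_windows = reaction_time_s // window_s + 1
    return min(tvl, full_windows * window_cap)


if __name__ == "__main__":
    lim = WithdrawalLimiter(per_tx_cap=100_000, window_cap=500_000)
    print([lim.allow(100_000, t)[0] for t in range(6)])      # five pass, sixth blocked
    print(worst_case_loss(100_000_000, 500_000, DAY, 6 * 3600, 2 * DAY))   # 500,000
```

The `worst_case_loss` figure is the quantity an underwriter can actually price: with a $500k daily cap, a 2-day timelock and a 6-hour response, the maximum loss on a $100M protocol is $500k, not $100M. The same function also shows the trap: if the timelock is shorter than the time it takes anyone to notice and respond, the limiter buys nothing, because the first thing a key-holding attacker does is queue a change that removes it.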

Fourth, the underlying technical architecture of DeFi still contains many “unknown unknowns,” leaving protocols exposed to evolving new attack surfaces.

Recent cases are illustrative. Drift's compromise came through social engineering of its admin signers rather than a code bug. KelpDAO's incident involved its 1-of-1 verifier configuration: a cross-chain message arriving via LayerZero needed the approval of only a single verifier before funds were released, which made that verifier a single point of failure.

Such risks may not only originate from code vulnerabilities but also from permission design, cross-chain verification, operational errors, or human mistakes. In other words, on-chain risks are not only “known risks” but also many “unknown unknowns” that have yet to be fully identified.

Although platforms like Hypernative for real-time security monitoring and risk assessment tools like Chaos Labs and LlamaRisk are emerging, the overall DeFi risk management framework still requires longer-term iteration before reaching maturity and reliability.

  1. sigma 03, 19 Nov 2024 (Swiss Re Institute)

About Gate Ventures

Gate Ventures is the venture capital arm of Gate, focusing on investments in decentralized infrastructure, ecosystems, and applications, committed to reshaping the Web 3.0 era. Collaborating with industry leaders worldwide, Gate Ventures empowers innovative teams and startups to redefine social and financial interactions.

For more information, visit: Official Website | X | Telegram | LinkedIn | Medium

Disclaimer:

This content does not constitute any solicitation, offering, or advice. Always seek independent professional advice before making any investment decisions. Please note that Gate Ventures may restrict or prohibit services from restricted regions. For more details, read the user agreement at: * .
